A Week in Security (Apr 05 - 11)

A Week in Security (May 24 – May 30)

Last week, our researchers gave our regular Malwarebytes Unpacked readers a bird’s eye view on a workshop we’ll be doing with attendees at BSides London, our latest find on technical support scammers, a notable device crash involving iPhone smartphone models, another notable Facebook scam, Secure Boot, and a series on an exploit kit targeting Chinese internet users.

News of an “annoying party trick” (as per our researcher) have begun spreading on the Web when an inherent flaw affecting certain iPhone models—a technical issue first raised on Reddit. We demoed the crash in a video, stated the conditions wherein the bug may likely work, and some temporary workaround until Apple patches it.

Following a post on “Facebook Recovery”, we spotted another scam that hid behind “Facebook for Business”. This campaign used the App feature to lead users to a third-party page, which was served on Dropbox.

We also started delving into the exploit kit that specifically targeted Chinese websites and users. One may find their systems affected by such a threat when visiting compromised Chinese sites—enough to trigger a drive-by download attack. The said kit was programmed to look for vulnerabilities on Java, Internet Explorer, and Flash Player. This post is part one of two.

Notable news stories and security related happenings:

  • Sniffing and Tracking Wearable Tech and Smartphones. “Researchers at Context Information Security have demonstrated how easy it is to monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, wearable devices and iBeacons, including the iPhone and leading fitness monitors, raising concerns about privacy and confidentiality. The researchers have even developed an Android app that scans, detects and logs wearable devices.” (Source: Help Net Security)
  • New Point-of-Sale Malware NitlovePoS Sends Card Data via Encrypted Connection. “Security researchers identified a fresh malware piece targeting point-of-sale (PoS) systems that relies on encrypted communication to exfiltrate payment card info from the memory of the payment processing machines. By sending data using SSL (Secure Sockets Layer), hackers ensure that detection at network level is more difficult since the details of the communication cannot be analyzed.” (Source: Softpedia)
  • Could thieves use jamming technology to steal your car? “For years science fiction has depicted criminals, governments and security forces being able to block signals with radio jammers. Now criminals in the UK have started to get their hands on jammers and are using them to break into cars.” (Source: The Guardian)
  • Recent Breaches a Boon to Extortionists. “The recent breaches involving the leak of personal data on millions of customers at online hookup site Adult Friend Finder and mobile spyware maker mSpy give extortionists and blackmailers plenty of ammunition with which to ply their trade. And there is some evidence that ne’er-do-wells are actively trading this data and planning to abuse it for financial gain.” (Source: KrebsOnSecurity)
  • IRS Says Thieves Stole Tax Info From 100,000. “Sophisticated criminals used an online service run by the IRS to access personal tax information from more than 100,000 taxpayers, part of an elaborate scheme to steal identities and claim fraudulent tax refunds, the IRS said Tuesday.” (Source: ABC News)
  • Moose – The Router Worm with an Appetite for Social Networks. “ESET researchers have issued a technical paper today, analyzing a new worm that is infecting routers in order to commit social networking fraud, hijacking victims’ internet connections in order to ‘like’ posts and pages, ‘view’ videos and ‘follow’ other accounts.” (Source: ESET’s We Live Security Blog)
  • Cybercrime Skills Critical for All Police as Global Criminals Move Online, INTERPOL Warns. “As highlighted in a recent Australian Crime Commission report into the changing face of organised crime in this country, cybercriminal activity was no longer characterised by online-only attacks from rogue hackers. Rather, established criminal elements were increasingly challenging conventional enforcement structures with transnational malware activities and the use of cryptocurrencies that defy mechanisms for tracking physical currency movements.” (Source: CSO Australia)
  • Like Routers, Most USB Modems also Vulnerable to Drive-by Hacking. “The researchers claim to have found remote code execution vulnerabilities in the Web-based management interfaces of more than 90 percent of the modems they tested. These flaws could allow attackers to execute commands on the underlying operating systems.” (Source: CSO Online)

Safe surfing, everyone!

The Malwarebytes Labs Team